Traefik2.4: uses a non-existent resolver: inwx

Hi, I am hitting the issue that the resolver cannot be found. I have read all the related topics, but got no answer.

ENV:

  • kubernetes v1.20.6
  • traefik: 2.4.9

Traefik is being installed with the helm chart. The values.yaml looks like:

image:
  name: traefik

globalArguments: # tried with "globalArguments" and "additionalArguments"
  - "--api.insecure=true"
  - "--accesslog=false"
  - "--log.level=DEBUG"
  - "--certificatesresolvers.inwx.acme.email=*****@example.com"
  - "--certificatesresolvers.inwx.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory"
  - "--certificatesresolvers.inwx.acme.dnschallenge=true"
  - "--certificatesresolvers.inwx.acme.dnschallenge.provider=inwx"
  - "--certificatesresolvers.inwx.acme.storage=/data/acme.json"

ingressRoute:
  dashboard:
    enabled: true
    insecure: true
  api:
    insecure: true

persistence:
  enabled: true
  accessMode: ReadWriteOnce
  size: 128Mi
  path: /data
  annotations: {}

env:
  - name: INWX_USERNAME
    valueFrom:
      secretKeyRef:
        name: inwx-dns
        key: INWX_USERNAME
  - name: INWX_PASSWORD
    valueFrom:
      secretKeyRef:
        name: inwx-dns
        key: INWX_PASSWORD

rbac:
  enabled: true
  namespaced: false

ports:
  traefik:
    port: 9000
    expose: true

Result:
an empty acme.json was created at the desired location, but Traefik prints:
the router flweber-whoami-ingress-flweber-test-foo-example-de-flweber-whoami@kubernetes uses a non-existent resolver: inwx

Ingress Definition:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: flweber-whoami-ingress
  namespace: flweber-test
  annotations:
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls: "true"
    traefik.ingress.kubernetes.io/router.tls.certresolver: "inwx"
    traefik.ingress.kubernetes.io/router.middlewares: flweber-test-flweber-stripprefix@kubernetescrd
spec:
  rules:
    - host: foo.example.de
      http:
        paths:
          - path: /flweber-whoami
            pathType: Prefix
            backend:
              service:
                name: flweber-whoami
                port:
                  number: 80

Thanks in advance.

  • I had to replace all domains with placeholders. I'm not using example.com or example.de in the real configuration

Hello @flweber,

Can you provide a copy of the debug log when traefik starts up?

Hello @daniel.tomcej,
sorry for my late reply.
I have found the following output in my logs:

time="2021-07-26T09:56:43Z" level=error msg="The ACME resolver \"inwx\" is skipped from the resolvers list because: unable to get ACME account: permissions 660 for /data/acme.json are too open, please use 600"

I fixed it with an init container which changes the permission before traefik starts:

deployment:
  initContainers:
    - name: volume-permissions
      image: busybox:1.31.1
      command: ["sh", "-c", "chmod -Rv 600 /data/*"]
      volumeMounts:
        - name: data
          mountPath: /data

The first startup of traefik works fine but a helm upgrade broke it. With the init container all is working fine but is there a better way to fix this issue?

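On the closing question, a narrower permission fix than the recursive `chmod -Rv 600 /data/*`, given as an added example that is not part of the thread or of the Traefik chart. The function names are hypothetical, `stat -c` is assumed to be available (GNU coreutils or busybox), and the rule "no group or other bits set" is inferred from the "too open, please use 600" log line above.

```shell
#!/bin/sh
# Added example: check and tighten only the ACME storage file.
# Function names are hypothetical; the path is passed as an argument.

# Print the octal permission bits of a file, e.g. 660.
acme_mode() {
    stat -c '%a' "$1"
}

# Succeed (exit 0) when any group/other bit is set, i.e. the mode is
# looser than 600. Assumed from the log message, not read from Traefik.
acme_too_open() {
    mode=$(acme_mode "$1") || return 2
    [ $(( 0$mode & 077 )) -ne 0 ]
}

# Tighten the file to 600 only when needed. A missing file is fine
# (first start), a symlink or non-regular file is refused so that the
# chmod cannot be redirected to another target on the volume.
fix_acme_perms() {
    f=$1
    if [ ! -e "$f" ] && [ ! -L "$f" ]; then
        echo "skip: $f does not exist yet"
        return 0
    fi
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "refuse: $f is not a regular file" >&2
        return 1
    fi
    if acme_too_open "$f"; then
        echo "fix: $f has mode $(acme_mode "$f"), setting 600"
        chmod 600 "$f"
    fi
    # Report the final state to the caller.
    ! acme_too_open "$f"
}

# When run as a script: sh fix-acme.sh /data/acme.json
if [ "$#" -gt 0 ]; then
    fix_acme_perms "$1"
fi
```

Run as the init container command with `/data/acme.json` as its argument, it leaves directories and other files on the volume alone, and its non-zero exit on a symlink or still-open file makes the pod fail visibly instead of Traefik silently skipping the resolver.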